
Oracle delivers database fixes in Critical Patch Update

By Ed Scannell, Site Editor
22 Oct 2009 | SearchOracle.com


Oracle has confirmed that it released 38 fixes yesterday as part of its quarterly Critical Patch Update. Three of those fixes, all for the company's core database, carry the highest vulnerability rating of 10.

The affected products, numbering 21 in total, include Oracle Database 9i Release 2, 10g, 10g Release 2, 11g, Oracle Application Server 10g, and Oracle WebLogic Server. Six of the security patches deal with vulnerabilities that permit access to the Oracle Database without requiring a user name or password, according to the company. Also susceptible to outside attacks not requiring authentication are Oracle's BEA products including JRockit and WebLogic.

In his blog, Eric Maurice, manager of security in Oracle's global technology business unit, wrote: "Because of the severity of the database vulnerabilities, Oracle recommends that this Critical Patch Update (CPU) be applied against the affected systems as soon as possible."

If any one of the three database vulnerabilities were successfully exploited, it could result in a full compromise of a system right down to the Windows desktop operating system, according to Maurice. On other platforms, however, the flaws have lower ratings because an attack would not lead to a compromise at the operating system layer, he wrote.

Until the Critical Patch Update is applied, common network access control products, including reverse proxies and firewalls, which are typically deployed around sensitive systems, can "greatly reduce" the risks posed by these vulnerabilities, Maurice wrote. He said such network security tools can prevent hackers from remotely exploiting the flaws.

This is the first time that three fixes for Oracle's core database have received the highest vulnerability rating. The ratings are determined by the Common Vulnerability Scoring System (CVSS), which was established by the National Institute of Standards and Technology, Carnegie Mellon University and other security groups. A rating of 10 falls in the "high" severity range, which covers ratings between 7 and 10; medium severity is between 4 and 6.9.

Oracle's next scheduled quarterly CPU is Jan. 12, 2010, with another three scheduled in 2010, on April 13, July 13 and October 12.
